03-16-2009 09:23 AM - edited 02-21-2020 10:23 AM
In our aaa implementation we use tacacs with the local db as backup. Well, I'm trying to harden security. I know IOS has this nice little command:
âlogin on-failure log every xâ
This would be great so we could at least see the syslog message and have an idea if someone is trying to get into a piece of our equipment without having to try and watch the "Failed Attemps" report in ACS - but given we are using Tacacs, the only way this will throw a message is if ACS isn't available.
I'd like to know if there is a way for ACS to give us this information. Or, to get syslog messages to get thrown.
Thanks!
03-18-2009 09:04 AM
You can have acs push out to your syslog.
03-18-2009 09:19 AM
Yep - I was just hoping for some more granularity since all of our wireless devices enterprise-wide authenticate against ACS. I only want to know about the failed tacacs attempts.
03-18-2009 09:38 AM
So you only want to see syslog message for tacacs failures not for wireless auth failures. I am not sure how you would do that from ACS.
If it were me I would use a splunk syslog server and send all of the failures to it. Then in splunk I would setup a filter to only display the NAS-IP-Addresses that I was interested in.
Or if I had MARS I would setup a rule in that to look for login failures on those devices to trigger a notification.
What is your syslog server now?
03-18-2009 09:45 AM
We currently use Orion.
I guess I was just hoping to keep it within that so we'd see the syslog come through, but using Splunk isn't a bad idea...
03-18-2009 10:13 AM
I hear ya.
I know that acs 5 is going to be a lot more policy based on how users authenticate and what policies get applied depending on their location, etc... Hopefully the logging will offer some of the same granularity.
-Jesse
03-18-2009 10:27 AM
Guess I'm stuck then.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide